Why
Auditors want a signed PDF + JSON pack mapping evidence to controls (ISO 27001 A.6.3, A.8.7; SOC2 CC1.4; NIST PR.AT; ACSC Essential Eight ML2 user training).
Scope
- New action
exportEvidencePack({ orgId, period }).
- Pack contains: campaign list, click/report rates, training assignments + completion, MFA enrolment %, audit log slice, sending-domain DKIM/DMARC posture.
- SHA-256 checksum file alongside.
- Control mapping JSON aligned to ISO 27001:2022, SOC2 TSC, NIST SP 800-53, ACSC E8.
Acceptance
- Pack opens in a browser as a single PDF + accompanying JSON.
- Checksum verifies via a small CLI helper.
Why
Auditors want a signed PDF + JSON pack mapping evidence to controls (ISO 27001 A.6.3, A.8.7; SOC2 CC1.4; NIST PR.AT; ACSC Essential Eight ML2 user training).
Scope
exportEvidencePack({ orgId, period }).Acceptance